When confidential or important information is transmitted
over non-secure networks such as the Internet it is often sensible to
encrypt the data with an **encryption package**. Then in the event
of the data being intercepted or received by the wrong person it will
be very difficult for them to determine what is contained within the message
thus protecting the data.

When an **encryption package** is combined with a message authentication
code or a digital signature, it also allows the receiver of the data to
authenticate the identity of the sender and to confirm that the data has
not been altered in transit. Encryption on its own hides the content; it
does not, by itself, prove who sent it.

You will find here information about:-

- Authentication
- RSA Public Key Technique
- Encryption Basics
- DES Encryption
- AES Encryption
- Public or Private Keys
- Where is Encryption Used

**Encryption packages** today tend to go hand in
hand with authentication.

Authentication is the process of determining the accuracy of:

- The sender's identity, or data origin authentication,
- The sender's message, or data integrity,
- The receiver's identity, or peer entity authentication.

Data origin authentication confirms the source of the data with the claim of the sender. Data integrity ensures that data has not been altered or destroyed in an unauthorised manner. Peer entity authentication confirms a peer entity in an association as the one claimed.

The most widely used public key technique for authentication is RSA.

The RSA **encryption package** approach uses the
principle that if two large prime numbers, __p__ and __q__, are multiplied
together, the resulting number __n__ is very hard to factor back into the
original two primes. Two further numbers are derived from them: a public
exponent __e__ and a private exponent __d__, chosen so that
__e__ __d__ = 1 mod (__p__ - 1)(__q__ - 1). Working out __d__ from __e__
without knowing __p__ and __q__ is as hard as factoring __n__.

__n__ = __p__ __q__

A message encrypted with the public key (__n__, __e__) can only be decrypted
by the receiver possessing __d__. As __d__ never leaves the receiver, and
factoring __n__ into __p__ and __q__ is not possible in any reasonable
length of time, the system is secure. Since __n__ and __e__ appear in
public they are called the public key. Key __d__ (together with __p__ and
__q__, which are normally kept with it) is the private key and never leaves
its owner.

The RSA **encryption package** is referred to as
an asymmetric cryptosystem because the decryption key __d__ is different
to the encryption key __e__. RSA is referred to as a two key system: the
public key encrypts (or verifies a signature) and the private key decrypts
(or signs). Revealing __d__, or either of the primes, compromises the key;
revealing __e__ does not, since it is public by design.

As the public key can be released safely to the public, it is practical to
build a public key directory that vastly simplifies the major headache of
encryption, key distribution. A public key can be bound to an individual or
a company by a signed certificate, so that the key itself can be used for
authentication. Issuing such certificates is the purpose of a certification
authority.

Public key **encryption package** cryptosystems are
easily adapted to add digital signature capability to authentication: the
sender applies the private key to a hash of the message, and anyone holding
the public key can verify the result. Because only the holder of the private
key could have produced the signature, a digital signature is
a way of preventing repudiation by the sender.
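The relationship between __p__, __q__, __n__, __e__ and __d__ above, and the encrypt/decrypt and sign/verify operations, worked through in code. This is an added example, not code from the original page. It uses the small textbook primes 61 and 53 so the numbers can be checked by hand; real keys use primes of at least 1024 bits, and real systems wrap the message in a padding scheme (OAEP for encryption, PSS for signatures) rather than the bare hash-mod-__n__ used here to show the mathematics.

```python
"""Textbook RSA with small numbers, showing how n, e and d actually relate.
Added example, not from the original page. The primes used here are far too
small for real use (real keys use primes of 1024 bits or more) and the
hash-mod-n signature stands in for a proper padding scheme (OAEP/PSS);
it shows the mathematics only."""
import hashlib
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Build a key pair from two distinct primes p and q (assumed prime).
    Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                  # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    """Encrypt integer m under the receiver's public key (n, e)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """Decrypt with the receiver's private exponent d."""
    n, d = priv
    return pow(c, d, n)


def _digest_as_int(message, n):
    """SHA-256 of the message, reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(priv, message):
    """Sign: hash the message, then apply the sender's private exponent."""
    n, d = priv
    return pow(_digest_as_int(message, n), d, n)


def rsa_verify(pub, message, signature):
    """Verify: apply the public exponent and compare with the hash."""
    n, e = pub
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    # The classic textbook pair p=61, q=53 gives n=3233 and d=2753.
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    print("ciphertext", c, "decrypts to", rsa_decrypt(priv, c))
    sig = rsa_sign(priv, b"pay 100")
    print("signature valid:", rsa_verify(pub, b"pay 100", sig))
    print("tampered message valid:", rsa_verify(pub, b"pay 900", sig))
```

Note the direction of each operation: encryption uses the receiver's public key and only the receiver's __d__ can undo it; signing uses the sender's private __d__ and anyone with the sender's public key can check it. With __n__ = 3233 the modulus is so small that a forger could find a matching hash by trial, which is exactly why real moduli are thousands of bits long.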

The study and development of ways to hide information
and then to recover it only by the intended recipient are the basis for
cryptology. The process of encryption and decryption is carried out
by a cryptosystem or an **encryption package**. Cryptosystems have
been around since the times of the early Egyptians.

Information or plaintext is converted into ciphertext, a cipher or a cryptogram. This process is called encryption or encipherment.

Almost always, the ciphering process is controlled by an encryption key. The longer the key, the larger the number of possible keys an attacker must try, and so the more work is needed to recover the key from intercepted traffic. Changing the key forces an attacker who has recovered the old one to start all over again.

A decryption key is needed to reverse the encipherment process.

In a single key system, the decryption key is the same as the encryption key. Single key systems are also referred to as symmetric cryptosystems. RSA, by contrast, is a two key asymmetric system.

The Data Encryption Standard (DES) **encryption package**
was developed by IBM and adopted as a US Federal standard in 1977. DES is
one of the most thoroughly analysed algorithms ever; no practical shortcut
attack on its design has been found, and its real weakness is the 56-bit key,
which is far too short for modern hardware.

In the original DES algorithm, the 56-bit key is expanded into sixteen round subkeys. Each 64-bit block of plaintext is split in half and passed through sixteen rounds of a Feistel network: in each round one half is mixed with the round subkey through a substitution and permutation function and the result is combined with the other half. The output is a very scrambled 64-bit block, and changing the key changes every block. To encrypt more than one block a mode of operation such as CBC or CTR is layered on top.

Decryption runs the same sixteen rounds with the round subkeys applied in reverse order, which undoes the rounds one by one and arrives back at the plaintext data.

With modern computing power it is now possible to crack the original DES algorithm by brute force. As a consequence of this the algorithm has advanced into Triple DES, which applies DES three times with two or three independent keys (112 or 168 key bits). Because of a meet-in-the-middle attack its effective strength is about 112 bits rather than 168, and NIST has since deprecated it in favour of AES.

It is necessary that both the sender and the receiver have the same key. This authenticates one to the other only in a weak sense: whoever can produce traffic that decrypts correctly must hold the key, but the cipher cannot tell the two key holders apart. Data integrity is not protected by the cipher alone. An attacker who cannot read a message can still modify its ciphertext, and in many modes the change produces a predictable change in the plaintext, so a message authentication code (MAC) or an authenticated encryption mode must be added if alterations are to be detected.

The Advanced Encryption Standard (AES) **encryption
package**, also known as Rijndael, is a block cipher adopted as an encryption
standard by the US government. The National Institute of Standards and
Technology (NIST) published the Advanced Encryption Standard (AES)
specification as FIPS 197 on November 26, 2001; it took effect on May 26, 2002.

The AES **encryption package** is a cryptographic
algorithm that can be used to protect electronic data. Specifically, AES
is an iterated, symmetric-key block cipher that can use keys of 128,
192, and 256 bits (with 10, 12 and 14 rounds respectively), and encrypts and
decrypts data in blocks of 128 bits (16 bytes).

AES is the successor to the older Data Encryption Standard (DES). DES was approved as a Federal standard in 1977 and remained viable until 1998 when a combination of advances in hardware, software, and cryptanalysis theory allowed a DES-encrypted message to be decrypted in 56 hours. Since that time numerous other successful attacks on DES-encrypted data have been made and DES is now considered past its useful lifetime.

The AES algorithm is based on permutations and substitutions. Permutations are rearrangements of data, and substitutions replace one unit of data with another. Each AES round applies a byte substitution (SubBytes), a row rotation (ShiftRows), a column mixing step (MixColumns, omitted in the final round) and a mix with the round key (AddRoundKey); the round keys are derived from the cipher key by a key schedule.

The AES **encryption package** has become
the de facto standard for encrypting all forms of electronic information,
replacing DES. AES-encrypted data is unbreakable in the sense that no
known practical cryptanalytic attack can recover the plaintext without the
key; the published academic attacks do not improve meaningfully on a
brute-force search of the key space, which for 256-bit keys is out of reach.
In practice the weak points of an AES deployment are key management, the
mode of operation and the implementation (for example timing side channels),
not the cipher itself.

Key management is a major consideration in an encrypted enterprise network. Like any other asset, keys must be generated, distributed and accounted for. Key distribution can be simplified by using a public key system such as RSA. Since the public key for any computer or individual need not be kept secret, a public key directory allows a computer or individual to send a message simply by asking the directory for the recipient's public key. What the directory must guarantee is the binding between a name and its key, which is why entries are normally certificates signed by a certification authority.

A private key (symmetric) **encryption package** system such
as Triple DES or AES is faster than a public key system such as RSA in
real-time applications. Public key operations such as signing a message and
verifying it at the other end are far slower per byte than a symmetric cipher.

In a private key system, the keys must be the same at both ends, so any party that can decrypt the traffic or produce a valid message authentication code must hold the key; this is the only authentication a symmetric system provides, and it cannot distinguish between the two key holders. A private key system such as Triple DES or AES is generally less expensive and less processing intensive than a public key system.
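The integrity point made for DES above and for private key systems here, shown in code: an attacker who never learns the shared key can still change what the receiver decrypts, and a message authentication code is what stops it. This is an added example, not code from the original page. The keystream cipher in it is a constructed stand-in for DES or AES in counter (CTR) mode (SHA-256 of key, nonce and counter used as keystream) and is for illustration only; the fix it demonstrates, encrypt-then-MAC with HMAC-SHA256 under a separate key, is the standard one.

```python
"""Why a shared key alone does not protect integrity.
Added example, not code from the original page. The keystream cipher below is
a constructed stand-in for DES or AES in counter (CTR) mode; it is for
illustration, not real use. Encrypt-then-MAC with HMAC-SHA256 is the fix."""
import hashlib
import hmac


def keystream(key, nonce, length):
    """Constructed keystream: SHA-256(key || nonce || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, data):
    """XOR data with the keystream; the same call also decrypts."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


def encrypt_then_mac(enc_key, mac_key, nonce, plaintext):
    """Encrypt, then tag nonce||ciphertext with HMAC under a separate key."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def verify_then_decrypt(enc_key, mac_key, nonce, ct, tag):
    """Check the tag in constant time before touching the ciphertext."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed: message was modified")
    return decrypt(enc_key, nonce, ct)


def rewrite_known_bytes(ct, offset, old, new):
    """Attacker's edit: with a stream/CTR cipher, XORing old^new into the
    ciphertext changes the plaintext from old to new without the key."""
    ct = bytearray(ct)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def demo():
    """Return (plaintext the receiver gets without a MAC,
    whether the MAC-protected version rejected the forgery)."""
    enc_key = b"\x01" * 32     # constructed keys; real ones come from a CSPRNG
    mac_key = b"\x02" * 32     # always a separate key for the MAC
    nonce = b"\x00" * 8
    msg = b"PAY 0100 TO ALICE"
    ct, tag = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    forged = rewrite_known_bytes(ct, 4, b"0100", b"9999")

    # Bare encryption: the receiver decrypts the edited amount without noticing.
    without_mac = decrypt(enc_key, nonce, forged)
    # Encrypt-then-MAC: the same edit is rejected before decryption.
    try:
        verify_then_decrypt(enc_key, mac_key, nonce, forged, tag)
        rejected = False
    except ValueError:
        rejected = True
    return without_mac, rejected


if __name__ == "__main__":
    print(demo())   # (b'PAY 9999 TO ALICE', True)
```

The attacker only needs to know (or guess) the position and original value of the field being changed, not the key. The same edit fails against the MAC-protected message because the tag covers the ciphertext, and `hmac.compare_digest` avoids leaking how many tag bytes matched. Modern authenticated modes such as AES-GCM bundle the cipher and the MAC into one operation for exactly this reason.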

The ideal combination is to use the public key system to distribute private keys and then use the faster private key system to transmit data.

In cases where distributing keys to individuals is a major concern, or where it is necessary to authenticate previously unknown individuals, a public key algorithm should be considered, such as RSA.

In cases where speed is paramount or where it is relatively easy to distribute keys to known individuals a private key algorithm should be considered. At the same security level they are faster and cheaper than public key algorithms, and their keys are much shorter. A suitable private key algorithm is Triple DES or, preferably, AES.

If you are a little more adventurous you might like to
try the Random Byte **encryption package**. This can support key lengths
significantly longer than those supported by Triple DES or AES. However,
it is not widely used or tested, and a long key on its own is no guarantee
of a secure cipher; prefer an algorithm that has been through public review.

If you require the finished article then try the highly
respected and widely used PGP **encryption package** and authentication
system available from Network Associates.

Alternatively, you might purchase a digital
certificate and make use of an SSL/TLS **encryption package**.

You will find **encryption packages** in use in all
forms of electronic transactions. It is used to protect the information
sent to your bank when withdrawing your cash from an automatic teller
machine.

All reputable websites that take credit or debit card transactions will be secured using SSL/TLS encryption (HTTPS). The merchant's digital certificate, usually carrying an RSA public key, lets your browser authenticate the server and protects the key exchange; the traffic between your PC's browser and the Internet merchant's server is then encrypted with a symmetric cipher such as AES under session keys agreed for that connection.

Many companies today have facilities to allow their
workers to access company data remotely via a VPN (virtual private network).
This will either be an IPsec VPN, which uses the IKE protocol to set up the
tunnel: Diffie-Hellman public key agreement establishes the session keys,
RSA signatures or a pre-shared key authenticate the two ends, and all
the information is then encrypted using the Triple DES or AES **encryption packages**.
Alternatively it will be an SSL/TLS VPN, which authenticates the gateway with a
digital certificate, typically carrying an RSA key, and likewise protects the
data with a symmetric cipher.
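The Diffie-Hellman agreement at the heart of an IKE exchange, with both sides' messages, as an added example that is not code from the original page. The group p = 23, g = 5 is a constructed toy chosen so the exponents can be checked by hand; real IKE uses large MODP groups (RFC 3526) or elliptic-curve groups, and it authenticates the exchange with RSA signatures or a pre-shared key so that a man-in-the-middle cannot substitute their own public values. The brute-force function shows why the group size matters: in the toy group an eavesdropper recovers the session key instantly.

```python
"""Diffie-Hellman key agreement, the exchange IKE uses to set up an IPsec tunnel.
Added example, not code from the original page. The group p=23, g=5 is a
constructed toy; real IKE uses large MODP groups (RFC 3526) or elliptic-curve
groups and authenticates the exchange (RSA signatures or pre-shared key)."""
import hashlib
import secrets


def dh_keypair(p, g, private=None):
    """Pick a private exponent in [1, p-2] and compute the public value g^x mod p."""
    if private is None:
        private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)


def dh_shared_key(p, peer_public, private, context=b"demo-ike-sa"):
    """Derive a session key from the shared secret; both sides get the same result."""
    if not 1 < peer_public < p - 1:          # reject 0, 1 and p-1 (trivial subgroups)
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, private, p)
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(context + secret.to_bytes(width, "big")).digest()


def brute_force_dlog(p, g, public):
    """Eavesdropper's attack on a small group: recover x from g^x mod p by search.
    Feasible only because p is tiny; for real group sizes this never finishes."""
    for x in range(1, p - 1):
        if pow(g, x, p) == public:
            return x
    return None


def demo(p=23, g=5):
    """Run the exchange; return (shared key, whether an eavesdropper broke it)."""
    a, A = dh_keypair(p, g)                 # initiator keeps a, sends A
    b, B = dh_keypair(p, g)                 # responder keeps b, sends B
    key_initiator = dh_shared_key(p, B, a)  # initiator: B^a mod p
    key_responder = dh_shared_key(p, A, b)  # responder: A^b mod p
    assert key_initiator == key_responder   # both equal g^(ab) mod p
    # Seeing only p, g, A and B, the attacker recovers a and hence the key.
    recovered = brute_force_dlog(p, g, A)
    return key_initiator, dh_shared_key(p, B, recovered) == key_initiator


if __name__ == "__main__":
    key, broken = demo()
    print("session key:", key.hex(), "| broken by brute force:", broken)
```

Two details carry over to real deployments: the range check on the peer's public value (IKE implementations reject values that fall into a trivial subgroup), and the fact that the raw shared secret is never used directly as a key but passed through a key derivation step along with context, which is what IKE's PRF does with the nonces and SPIs of the security association.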

Most secure electronic communication today is protected
by some form of **encryption package**.

Security Policies © C.Stone 1996 - 2011